Date: Tue, 27 Apr 2004 21:49:32 -0400 (EDT)
From: "Keith F. Lynch" <kfl at KeithLynch.net>
Subject: [WSFA] Re: Clueless spammer
To: WSFA members <WSFAlist at WSFA.org>
Reply-To: WSFA members <WSFAlist at WSFA.org>
"Ted White" <twhite8 at cox.net> wrote:
> It seems like the majority of spam I get these days will have four
> random words (weird juxtapositions) in the subject line.
Yes. They do that to get through to people who whitelist the subject
line. I have about 800 words or phrases in my subject line whitelist,
so a few times a day a spam manages to hit one and get through. Today
three got through. The subject lines were:
Subject: [WSFA] carabao aphid electrolyte euphorbia batten fierce saturnine
barracuda dogma lynchburg balm junction enthusiastic meridian
passionate element idyllic saxony hexane chartroom amerada
architecture childhood inception comanche concise inactivate minus
resumption edmonds bugging helical boardinghouse gassy hyman
Subject: [WSFA] apogee banana lanthanum rinehart adelaide tarbell anhydrous
computation declaratory caucasus ouch teutonic furry taken
planetesimal lopez concomitant dysplasia scabious cashew isotropic
believe dwelt hedonist conjoin bronze corpsmen
Subject: [WSFA] feedback collapse deacon oregano cranelike able atlantic
crossarm albany swelt trillion an currant drench bolivia splash
industrial deteriorate valkyrie storekeep solvent unisex visigoth
glaze squirrel deuteron minibike varnish counsel
(I'd be curious if anyone can guess which word in each one was in
my whitelist.)
The strangest thing about them is that all the words are spelled
correctly. That's very rare in any part of a spam.
Are you sure yours only have four words on the subject line?
> (The rest say Hi! or Check It Out or something similar.) What I
> find stranger are the names of the putative senders. Very often
> they are first and last names (some of them distinctive) of people
> from whom I receive email, but rearranged into new names.
I often see the same, but in my case it's certainly selection bias.
Since I have "Ted White" whitelisted, spam from anyone who claims to
be "Ted White" (or any of about 9000 other people) will get through.
This also happens more often than you might think. Not with "Ted
White" specifically, but with one of the 9000. Some spammers make up
names at random by combining common first and last names. Others let
their list of names and addresses to spam double as a list of names
and addresses to forge.
While I have sent numerous emails every day for decades, I have no
doubt that the vast majority of emails that have gone out with my name
and address on them were spams. The ratio of my typing speed and a
broadband-connected spammer's automatic sending speed is about equal
to the ratio of the speed of a snail and a Space Shuttle. The Shuttle
doesn't have to fly very long before it pulls ahead of the snail, even
if the snail has been in constant motion for decades.
> At first I thought this was coincidence. Now I am less sure.
For the past year and a half I've been saving my procmail logs. So
I have a complete database of *millions* of recent spams that were
directed against me (most of which didn't get through, of course).
(My log consists of just the From: lines, Subject: [WSFA] lines, and reason
for rejection, not the body of the spam or the complete headers.) I'd
be glad to check any statistic you want. For instance 0.16% of them
claim to be from someone named Ted, and 0.074% of them claim to be
from someone named White. None have claimed to be from Ted White.
--
Keith F. Lynch - http://keithlynch.net/
Please see http://keithlynch.net/email.html before emailing me.